Neural Network Black-box Attack Defense Method Based on Knowledge Distillation

A neural network black-box attack defense method based on knowledge distillation, which addresses the problem of high computational complexity and achieves robust adversarial training and good defense.

Active Publication Date: 2022-04-29
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0005] In view of the above-mentioned deficiencies in the prior art, the neural network black-box attack defense method based on knowledge distillation provided by the present invention solves the problem of high computational complexity caused by multiple queries in the traditional method.

Embodiment Construction

[0017] Specific embodiments of the present invention are described below so that those skilled in the art can understand the present invention, but it should be clear that the present invention is not limited to the scope of the specific embodiments. For those of ordinary skill in the art, as long as various changes are within the spirit and scope of the present invention as defined and determined by the appended claims, these changes are obvious, and all inventions and creations using the concept of the present invention are within the scope of protection.

[0018] Knowledge distillation is an information extraction method based on neural networks, and it is also an effective network compression method. A teacher network is generated by integration or large-scale training, and then the output labels of the teacher network are softened to increase the amount of information between categories, which makes it more compatible with different model classification tasks.

[0019] Whe...

Abstract

The invention discloses a neural network black-box attack defense method based on knowledge distillation. The method includes: selecting multiple sub-networks to construct a teacher network, softening the input vectors of the softmax layer of all sub-networks, and then reloading the model parameters of the sub-networks and training to obtain new sub-networks; obtaining the predicted labels of each sub-network and using the average or weighted average of all predicted labels as soft labels; inputting the ImageNet dataset into the student network and using the soft labels, the hard labels of the dataset and the special labels of the black-box model to guide the training of the student network to obtain a substitute model; using a white-box attack algorithm to attack the substitute model to generate an adversarial sample sequence, using the adversarial sample sequence to attack the black-box model, and selecting the adversarial samples in the sequence that attack successfully; and adding these adversarial samples to the training set of the black-box model and performing adversarial training with the updated training set to generate a black-box model that can defend against attacks.
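The soft-label and student-training steps described in the abstract and in paragraph [0018], as an added example that is not taken from the patent: it softens each sub-network's softmax input with a temperature, averages the predictions into a soft label, and scores a student against the soft label, the dataset hard label and the black-box model's label. The temperature value, the mixing weights `alpha`/`beta`/`gamma`, the exact form of the combined loss, and reading the black-box "special label" as that model's predicted class are all assumptions; the logits are constructed.

```python
import math

def softened_softmax(logits, temperature):
    """Softmax over logits / T; T > 1 flattens the distribution (the softening step)."""
    scaled = [z / temperature for z in logits]
    m = max(scaled)  # subtract the max for numerical stability
    exps = [math.exp(s - m) for s in scaled]
    total = sum(exps)
    return [e / total for e in exps]

def ensemble_soft_label(subnet_logits, temperature, weights=None):
    """Average (or weighted average) of the sub-networks' softened predictions."""
    n = len(subnet_logits)
    if weights is None:
        weights = [1.0 / n] * n
    if len(weights) != n or abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("need one weight per sub-network, summing to 1")
    probs = [softened_softmax(l, temperature) for l in subnet_logits]
    return [sum(w * p[c] for w, p in zip(weights, probs))
            for c in range(len(probs[0]))]

def cross_entropy(target, predicted, eps=1e-12):
    return -sum(t * math.log(max(p, eps)) for t, p in zip(target, predicted))

def one_hot(index, k):
    return [1.0 if i == index else 0.0 for i in range(k)]

def student_loss(student_logits, soft_label, hard_idx, blackbox_idx,
                 temperature, alpha=0.5, beta=0.25, gamma=0.25):
    """Assumed three-term loss: soft label, dataset hard label, black-box label."""
    k = len(student_logits)
    soft_pred = softened_softmax(student_logits, temperature)
    plain_pred = softened_softmax(student_logits, 1.0)
    return (alpha * cross_entropy(soft_label, soft_pred)
            + beta * cross_entropy(one_hot(hard_idx, k), plain_pred)
            + gamma * cross_entropy(one_hot(blackbox_idx, k), plain_pred))

# Constructed logits from three hypothetical sub-networks for one 3-class input.
TEACHER_LOGITS = [[4.0, 1.0, 0.5], [3.5, 2.0, 0.2], [5.0, 0.5, 1.0]]

def demo():
    sharp = ensemble_soft_label(TEACHER_LOGITS, temperature=1.0)
    soft = ensemble_soft_label(TEACHER_LOGITS, temperature=4.0)
    agree = student_loss([3.0, 1.0, 0.5], soft, 0, 0, 4.0)
    disagree = student_loss([3.0, 1.0, 0.5], soft, 0, 1, 4.0)
    return sharp, soft, agree, disagree

if __name__ == "__main__":
    for name, value in zip(("T=1", "T=4", "agree", "disagree"), demo()):
        print(name, value)
```

At the higher temperature the soft label keeps the same top class but moves probability mass onto the other classes, and the loss rises when the black-box label disagrees with the student's prediction.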

Description

Technical field

[0001] The invention relates to a defense method for neural networks, in particular to a black-box attack defense method for neural networks based on knowledge distillation.

Background technique

[0002] Existing common black-box attacks are divided into transfer-based attack methods that train a substitute model and decision-based attack methods that estimate the gradient through multiple queries. After generating a substitute model close to the black-box model, or estimating a gradient close to that of the black-box model, both then use mainstream white-box attack methods to attack.

[0003] Most of the former need to know the training data set of the attacked model, as well as a lot of information other than the internal parameters of the model, such as inputs and outputs, when training the substitute model. This information, especially the training data set, is difficult to obtain in practical applications, or the number of acquisitions is limited, so the method of gener...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06N3/04, G06N3/08
CPC: G06F21/55, G06N3/08, G06N3/045
Inventor: 崔炜煜, 王文一, 李晓锐, 陈建文
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA